Hong Kong News
Nonpartisan, Noncommercial, unconstrained.
Saturday, Feb 22, 2025
Real, Diverse, Unbiased.
First arrest under anti-doxxing law
The Office of the Privacy Commissioner for Personal Data has used a new set of legal teeth for a first time to arrest a 31-year-old man under the recently introduced anti-doxxing law.
The suspect allegedly revealed personal information about a person he was squabbling with over money. The target then reported to the Office of the Privacy Commissioner, triggering an investigation and now an arrest.
Lo Dik-fan, acting senior personal data officer from the office’s criminal investigation unit, said Monday that officers arrested the alleged offender in West Kowloon for contravening the Personal Data (Privacy) Ordinance by “disclosing personal data without consent.”
The suspect was detained in a police cell overnight as the watchdog does not have detention facilities.
“The act originated from a money dispute,” Lo said. It led to the suspect posting on an online platform his victim’s personal information as well as details of the financial feud between them.
Officers also seized a smartphone during the operation, which is continuing.
This first arrest by the privacy office follows the commissioner being empowered by an amendment to the ordinance that was gazetted on October 8 to carry out criminal investigations and institute prosecutions.
The amendment also made doxxing a criminal offense carrying a maximum sentence of two years in prison and a fine of HK$100,000.
Lo refused to reveal details of the money dispute, what kind of personal information was revealed or to identify the platform used.
He also refused to disclose whether the information had been removed already and whether the watchdog had demanded a deletion.
Lo went on to warn citizens against reposting personal information as that could constitute an offense.
Asked if privacy officers are armed during arrest operations, a spokeswoman for the office cited the ordinance and added: "If any person resists or attempts to evade a search or arrest an authorized officer may use any force that is reasonable in the circumstances to effect a search or an arrest."
The amendment to the ordinance followed doxxers attacking people of opposing political stances and police officers through the indiscriminate disclosure of personal data and "weaponizing" such information in the wake of the anti-fugitive unrest in 2019.
Barrister Albert Luk Wai-hung noted that disclosure of personal information without consent to "intentionally" cause harm to a person or to his or her family members could constitute an offense under the anti-doxxing law. This might include loan sharks who post bills on streets to try to force borrowers to repay money.
Luk also said there is no definitive rule on what kind of personal information crossed a red line, “but if the information provided can directly pinpoint someone then it might constitute an offense.
“For example, if you hide parts of someone’s name but reveal the secondary school the person went to and the year the person graduated ... the information provided could identify the exact person."
Data scientist Wong Ho-wa said social media giants could remove a post and shared posts deriving from it if there was a request to do so, but “it would be quite hard" for a platform to handle if a screenshot was posted as that would be considered to be new.
Lo Dik-fan, acting senior personal data officer from the office’s criminal investigation unit, said Monday that officers arrested the alleged offender in West Kowloon for contravening the Personal Data (Privacy) Ordinance by “disclosing personal data without consent.”
The suspect was detained in a police cell overnight as the watchdog does not have detention facilities.
“The act originated from a money dispute,” Lo said. It led to the suspect posting on an online platform his victim’s personal information as well as details of the financial feud between them.
Officers also seized a smartphone during the operation, which is continuing.
This first arrest by the privacy office follows the commissioner being empowered by an amendment to the ordinance that was gazetted on October 8 to carry out criminal investigations and institute prosecutions.
The amendment also made doxxing a criminal offense carrying a maximum sentence of two years in prison and a fine of HK$100,000.
Lo refused to reveal details of the money dispute, what kind of personal information was revealed or to identify the platform used.
He also refused to disclose whether the information had been removed already and whether the watchdog had demanded a deletion.
Lo went on to warn citizens against reposting personal information as that could constitute an offense.
Asked if privacy officers are armed during arrest operations, a spokeswoman for the office cited the ordinance and added: "If any person resists or attempts to evade a search or arrest an authorized officer may use any force that is reasonable in the circumstances to effect a search or an arrest."
The amendment to the ordinance followed doxxers attacking people of opposing political stances and police officers through the indiscriminate disclosure of personal data and "weaponizing" such information in the wake of the anti-fugitive unrest in 2019.
Barrister Albert Luk Wai-hung noted that disclosure of personal information without consent to "intentionally" cause harm to a person or to his or her family members could constitute an offense under the anti-doxxing law. This might include loan sharks who post bills on streets to try to force borrowers to repay money.
Luk also said there is no definitive rule on what kind of personal information crossed a red line, “but if the information provided can directly pinpoint someone then it might constitute an offense.
“For example, if you hide parts of someone’s name but reveal the secondary school the person went to and the year the person graduated ... the information provided could identify the exact person."
Data scientist Wong Ho-wa said social media giants could remove a post and shared posts deriving from it if there was a request to do so, but “it would be quite hard" for a platform to handle if a screenshot was posted as that would be considered to be new.
